DETAILED ACTION

The instant application having Application No. 10/540325 is presented for 
examination by the examiner. Claims 2-9 have been canceled. Claims 10-19 have 
been added. Claim 1 has been amended. Claims 1 and 10-19 are pending. 

Response to Amendment 

Drawings 

The new drawings are objected to because the figure lacks a number by which it is referred
to. Also, reference labels would be helpful in understanding the invention. Furthermore,
the specification could be clearer if the steps recited on page 3 were referenced by the
needed drawing labels. The figure should be labeled as Figure 1.

Specification 

As mentioned above, the specification discloses a method of the invention on 
page 3. The references to the drawing by variable name are not sufficient in 
understanding the method as it relates to the lines and elements drawn in the figure. 
Reference to the figure should be by its needed label of number 1.



Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112:

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1 and 10-19 are rejected under 35 U.S.C. 112, second paragraph, as being
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

As per claim 1 and its dependent claims, the naming of and referencing to the
possessor(s) are not consistent. Examiner cannot ascertain which possessors the
functions are being applied to, nor how many possessors exist. Sometimes the possessor is
recited by "a", "each", "this", on more than one occasion. In the first recitation of the 
possessors, "at least possessors" is indefinite as well. Does this mean at least two? 
The definition of possessors and requesters are not definitive and distinct. Possessors 
are redefined by "a possessor" throughout the dependent claims. Appropriate 
correction is required. 

As per claim 1, the word "each" and "the relevant data" lacks antecedent basis.

As per claim 11, the user and the operating system lack antecedent basis.

As per claim 12, there seems to be a word missing between "and memory 
manger". A page is defined twice. 

As per claim 13, the functions lack antecedent basis.

As per claim 16, it is not clear which term "the latter" refers to.

As per claim 17, there seem to be some words missing between claim 1 and
associating. For example if the claim read "...method according to claim 1 further
comprising different it would be clearer. This is not a recommendation of how to
change the claim, rather it is just an example of how to further narrow the parent claim
by saying it further comprises another limitation.

As per claim 18, it is not clear how a physical protection mechanism is coupled to 
the method of claim 1.

As per claim 19, the phrase "such as" renders the claim indefinite because it is 
unclear whether the limitations following the phrase are part of the claimed invention. 
See MPEP§ 2173.05(d). 



Response to Arguments 

Applicant's arguments filed 2/12/09 have been fully considered but they are not 
persuasive. As per claim 1, Examiner maintains that the prior art of record Flenley
anticipates all of the limitations given their broadest reasonable interpretation. The 
memory allocation units of Flenley are the actual blocks of memory which contain a 
component control block (col. 3, lines 25-30). The CCB contains many variables which 
control access to the memory. Examiner also finds Flenley to check the identity of the 
requester. As claimed, there is nothing which precludes the requester from being the 
user of the system. Flenley verifies the user's identity (col. 4, lines 60-67). Also there is 
nothing in the claim which discloses that encryption keys are created for each
possessor. The argument implies the memory manager creates the keys for the 
possessor but none of these limitations are in the claim, so the point is moot. Moreover,
Examiner finds column 4, lines 60-65 to teach the shared memory controller is used to
check and verify the user's identity. Again as interpreted by the Examiner, the requestor 
is the user. Lastly, Examiner finds the argument about checking the validity of an 
allocation unit in regards to claim 1 moot because this limitation is not in the claim. 
However, turning to claim 16, which does disclose an area for integrity checking, this can be
found in Flenley in col. 3, lines 61-62. Flenley explicitly states the integrity of each
variable name is validated in memory. Claim 16 discloses no more than this 
interpretation. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1, 11-13, 15, 16, 18, and 9 are rejected under 35 U.S.C. 102(b) as being 
anticipated by USP 6,282,618 to Flenley, hereinafter Flenley. 

As per claim 1, Flenley teaches a method for securing by software confinement,
a computer system which executes codes which manipulate data (see Abstract), 
involving: 

at least one memory manager [shared memory controller] managing memory
allocation units (col.3, lines 19-20 & col. 3, lines 66- col. 4, lines 2), and 

at least possessors [application] and requesters [users] of memory allocation 
units (col. 3, lines 14-15 and col. 6, lines 60-65), 

said method comprising the following steps: 

performing an allocation of memory by the memory manager (col. 3, lines 16-19) 
upon request from another component of the operating system which transmits to said 
memory manager, the identity of the requester (col. 6, lines 65-66); 

a check by the aforesaid memory manager of the whole of the allocation units, 
each being associated with a possessor of the memory allocation unit [checks memory 
space for existing webpage] (col. 3, lines 47-55); 

an encryption of the data of each possessor by means of a key associated with 
this possessor (col. 4, lines 36-39); 

a check by the memory manager, for each request to access a memory 
allocation unit, of the identity of the requester; if this identity is not identical to that of the 
possessor of said memory allocation unit, then access to the memory allocation unit is 
refused by the memory manager (col. 4, lines 62-65 and col. 5, lines 6-9); and

a performance, by means of the memory manager, of encryption (in the case of a write
request)[stored in shared memory] (col. 4, lines 40-45) or decryption [GetVariableEnc] 
(in the case of a read request) of the relevant data with the key associated with the 
possessor, this key being at least recalculated by the memory manager (col. 4, lines 46- 
47). 

As per claim 10, Flenley teaches one of said memory allocation units is a page
with a fixed size or a block with a variable size (col. 3, line 20). 

As per claim 11, Flenley teaches one of said possessors or requesters is an
application of the user of the operation system of the computer system or the operating
system itself [possessor is application; col. 1, lines 45-55].

As per claim 12, Flenley teaches the allocation unit is the page (col. 3, lines 39- 
40), and the memory manager, when it receives a request for allocating a block on 
behalf of a possessor of a memory allocation unit, first searches for a page with the 
same possessor so that all the blocks allocated by said possessor are found grouped in 
one or several dedicated pages (col. 3, line 67- col. 4, line 14). Flenley teaches that
data is grouped by each web page accessing the shared memory whereby all that is needed is
an offset pointer to direct the possessor to the needed data inside the block (col. 3, line
35).

As per claim 13, Flenley teaches transmission of the identity of the requester is 
accomplished either by managing a current context, or by passing parameters to the 
functions of the memory manager (col. 5, lines 40-43). 

As per claim 15, Flenley teaches the memory manager associates the key with 
each set of possessor and memory allocation unit instead of associating a unique key 
with each possessor (col. 4, lines 40-45). Flenley teaches the memory allocation unit, 
CCB, has a possessor and key. 

As per claim 16, Flenley teaches the memory manager integrates into each
memory allocation unit, an area with which the integrity of the latter may be checked 
(col. 3, lines 63-64). 

As per claim 17, Flenley teaches the memory manager integrates into each 
memory allocation unit, an area with which the integrity [validity] of the latter may be 
checked [checks the validity of the parameters] (col. 3, lines 57-61). 

As per claim 18, Flenley teaches combining with a physical protection 
mechanism (col. 4, lines 35-36). 

As per claim 19, Flenley teaches implementation on an embedded system [ATM] 
such as a terminal of the portable telephone type, a bank payment terminal, a portable 
payment terminal, a digital assistant or PDA, a chip card (col. 5, line 23). 



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as 
set forth in section 102 of this title, if the differences between the subject matter sought to be 
patented and the prior art are such that the subject matter as a whole would have been obvious 
at the time the invention was made to a person having ordinary skill in the art to which said 
subject matter pertains. Patentability shall not be negatived by the manner in which the invention 
was made. 



Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Flenley in 
view of USP 7,353,281 to New, Jr. et al., hereinafter New. 

As per claim 4, Flenley is silent in explicitly teaching the memory manager
dynamically calculates the key of a possessor from a secret associated with said 
possessor and a so-called master key to which only the memory manager has access. 
Flenley does however teach as an embodiment an ATM card being presented to an 
ATM machine in order to authenticate the user of the card based on personal 
identification stored on the card. New takes this process one step further by generating 
the encryption key based on the user's identification and a private key [master key] of 
the server hosting the applications (col. 5, lines 5-10 and col. 6, lines 26-36). New's 
way of generating the encryption key is more secure than Flenley's because it does not 
take a user's secret information into forming the encryption key. The use of 
asymmetrical cryptography is well known in the art. It would have been obvious at the 
time of the invention to one of ordinary skill in the art to incorporate New's dynamic 
calculation of a key from a secret associated with the possessor and the master key into 
Flenley's system because it would protect the secret information of the user from an 
attacker. Protection of this assures the user is who he says he is. The function of 
New's teaching would have been predictable to one of ordinary skill in the art at the time 
of the invention. 

Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Flenley in 
view of USP 7,333,956 to Malcolm. 

As per claim 7, Flenley does not explicitly teach associating different security
levels with the applications and using different encryption means according to the
associated security level. Flenley does teach that his method has the option of using
encryption or not. Malcolm's security system invokes a more granular strategy by
allowing the system to choose the appropriate level of security by using different levels
of encryption (col. 36, lines 31-41). As one of ordinary skill in the art knows, some
encryption algorithms are stronger than others. Also one of ordinary skill knows that
key length also carries with it a measure of increased strength. Having the choice of
encryption strength not only inherently increases the security of the system but also
avoids extraneous overhead by having to encrypt everything to the highest possible
level when only certain cases need this type of security. Whereas Flenley has an all or
nothing approach to encryption, incorporating Malcolm's teaching would provide predictable
results of more security without inefficiency. Therefore it would have been obvious to 
one of ordinary skill in the art at the time of the invention to modify the teachings of 
Flenley with those of Malcolm in order to improve security without sacrificing efficiency. 



Conclusion 



Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 



Application/Control Number: 10/540,325 Page 11

Art Unit: 2431 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am
- 5:00pm, EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/M. R. V./ 

Examiner, Art Unit 2431 

/Ayaz R. Sheikh/ 

Supervisory Patent Examiner, Art Unit 2431 



